Confs Space
Security Aug 9, 2019

Hacking the Zyxel NAS 326 from the Perspective of a n00b

DEF CON 27 IoT Village
DEF CON 27 IoT Village Conference Collection

“This talk will convey the hacking methodology that took place in order to find the vulnerabilities within the Zyxel NAS 326, including some fun dives into the technical weeds. Note: despite how critical security flaws are, they will be not fixed by the manufacturer. First, the talk will go over the how to dump the source code from the Zyxel NAS 326, as well as understanding the organization of the device. Once we understand how the device works, we will dive into 4 independent bugs discovered on the NAS: including two remote code executions bugs (RCE) and an arbitrary file move. All of the bugs will have a step-by-step walkthrough of how they were discovered and how to exploit them with live demos. "

Bio: Maxwell Dulin (Strikeout or ꓘ) is a recent graduate from Gonzaga University who is a self taught hacker. He will be starting a job at Security Innovation in a couple of months as security consultant. Previously, he has organized the Spokane (WA) Mayor’s Cyber Cup for college and high school students to learn about the cybersecurity industry.

#DEFCON #Hacking #IoT #Security #Infosec #Village